A week or so ago I had to implement a custom ssl socket factory to do some specialized hostname verification.
For background, we had been connecting to a "front-end" server that was presenting a SSL cert with a context name matching that server name. In fact, that cert is provided by a server "underneath" that front server. Due to certain network issues, we had to change our client code to directly connect to that "underneath" server. Unfortunately, that meant that hostname verification was now failing, and we don't want to turn off hostname verification. So, I implemented a ssl socket factory that gets constructed with an "alternate CN", which I'm passing in the original "front server" name for. This is working fine. I did this with HttpClient 3.0.1. I'm now researching what will be required to upgrade our code base to use the latest HttpClient, 4.1.1 at this point. I've been looking at the new documentation, and I noticed the "BrowserCompatHostnameVerifier" option. From what I can see, this isn't quite what I need. Will I still need a custom ssl socket factory for this, or is some of what I need now "canned" in the latest HttpClient? --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
